Like Kon-boot we talked about in our last post VBootkit 2.0 is an updated code from 2007 that hasnt hit the internet yet , but is pretty much the same idea, modify the bootmgr and you essentially can modify the security checks on the fly to let you do anything you wanted on the system as any user without knowing the password. Read more from there authors site ::HERE::

VBootkit 2.0 is a follow-up to earlier work that Kumar and Kumar have done on vulnerabilities contained in the Windows boot process. In 2007, Kumar and Kumar demonstrated an earlier version of VBootkit for Windows Vista at the Black Hat Europe conference.

The latest version of VBootkit includes the ability to remotely control the victim’s computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also able remove a user’s password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.

If you look under the top banner you’ll notice a new forums link, we wanted to test drive a forum to see if its something the community would like to utilize. Sign-up and post your questions

An unknown organization is systematically checking for open SIP ports and then trying common extension usernames and passwords. If they find weak passwords, they are then into the PBX and can make thousands of calls in a matter of minutes. Protect yourself. Some were Asterisk and some were SIP-based VoIP PBX. Itappears that the hack has nothing to do with any sort of Asterisk vulnerability, but with insecure passwords set for extensions.

Src: junctionnetworks.com

A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.

In an abrupt reversal, U.S. District Judge William Sessions in Vermont ruled that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, does not have a Fifth Amendment right to keep the files encrypted.

Src: Cnet

I dont know why this is big news , like she ever used a password that wouldn’t have been cracked using a dictionary file? But none the less ,much like her gmail and youtube accounts Miley Cyrus Twitter account has been hacked. Of course if Twitter got it right the first time or after their other publicized hack and had limited account login attempts, they probably wouldn’t have succeeded.

Please take note that this handy tip is intended to recover/regain a forgotten Vista Administrator password. It is not intended to illegally hacking into a Vista system that’s not owning by users who refer this guide!! It is also intended to inform Vista users about the method by which anyone can access their private accounts by cracking passwords….Thus anyone can hack into administrator account and bypass guest user restrictions…. Lets start… Steps to hack Windows Vista Administrator account password: (more…)

Someone hacked into Twitter’s internal admin tools and compromising 33 high profile accounts, including President Elect Barack Obama,Fox News,and Britney Spears.

Here is Twitter’s official explanation.

The password was obtained by a bruteforce method using a wordlist only because Twitter didnt have lockout mechanism for their admin login, and the cracker was able to keep trying new passwords until he got into an admin account of Crystal,who’d chosen the weak password “happiness.”

BFG is a brute-force password generator for thc-hydra, which doesn’t have a brute-force module in the original version, and can only perform dictionary attacks.
BFG adds this functionality to hydra, possibly making it a better tool for security testing/hacking.
http://bfg.houbysoft.com/

From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords just like these. To give you some insight into how predictable humans are, the following is a list of the 500 most common passwords. If you see your password on this list, please change it immediately. Keep in mind that every password listed here has been used by at least hundreds if not thousands of other people.

There are some interesting passwords on this list that show how people try to be clever, but even human cleverness is predictable. For example, look at these passwords that I found interesting:
(more…)

Have you ever had a Master Lock but forgot the combination? We all know the soda can method where youcreate a ‘shim’ in order to bypass the locking mechanism. Here is an easy tutorial on how to find a lost code. Caution: The newer Master Locks may or may not work. It is much more difficult to distinguish the difference between the different sticky numbers in the newer models.
(more…)